COMMAND

	Jrun sourcecode disclosure

SYSTEMS AFFECTED

	Jrun 4.0 on Windows 2000 Server

PROBLEM

	In Peter Gründl [pgrundl@kpmg.dk] of  KPMH  Danemark  advisory  [BUG-ID:
	2002026] :
	

	There are several strings that can be attacked to a  legitimate  request
	to fool the webserver  into  serving  up  the  unparsed  .jsp  file  The
	problem is with the handling of null characters in  the  request  string
	and one way to trigger it is to append a  unicoded  null  to  the  valid
	request string.

SOLUTION

	Read the vendors advisory to determine which patch you need:
	

	http://www.macromedia.com/v1/handlers/index.cfm?ID=23164